Apple updates QuickTime with security update

Apple on Wednesday released an update to QuickTime, version 7.4.1, closing a critical hole thats been known for nearly a month. Specifically, the update addresses a vulnerability that could leave users open to arbitrary code execution via a web page embedded with a specially-crafted streaming media file.

The vulnerability is a heap buffer overflow that exists in QuickTimes handling of HTTP responses when RTSP tunneling is enabled. The update improves bounds checking, thus preventing the issue from occurring. This is Apples fifth QuickTime patch since October including another RTSP vulnerability that led to a series of attacks back in December.

Given the security nature of this update, 7.4.1 is of course recommended for all QuickTime 7 users and can be downloaded through Apples Software Update utility or from the Apple Downloads site.